ISO/IEC 27001:2022

ISO 27001 without the paperwork

ISO 27001 is a management system, not a checklist. But the technical evidence underneath that system? That is where teams drown. MANTIS handles the technical proof so your team can focus on governance, risk decisions, and actually running the ISMS.

Annex A — 2022 Edition

93 controls. Four families.

The 2022 revision reorganized 114 controls into 93 across four themes. MANTIS automates evidence for the technology controls -- the 34 that consume the most engineering hours.

  • A.5 Org Controls: 37
  • A.6 People: 8
  • A.7 Physical: 14
  • A.8 Technology: 34

MANTIS coverage

Technology controls we cover.

Access Management

A.8.2-8.5

User provisioning, privileged access, authentication. MANTIS validates IAM policies and flags dormant accounts with elevated permissions.

Data Protection

A.8.10-8.12

Classification, labeling, data masking. MANTIS checks storage encryption, backup policies, and DLP configurations across cloud accounts.

Network Security

A.8.20-8.22

Segmentation, filtering, web services. MANTIS maps security groups, validates network ACLs, and tests for unintended cross-zone paths.

Vulnerability Management

A.8.8-8.9

Technical vulnerability remediation and configuration hardening. Agent-level pentesting finds what scanners miss.

Monitoring

A.8.15-8.16

Logging and event correlation. MANTIS confirms audit trails exist, retention meets policy, and alerting covers security-relevant events.

Secure Development

A.8.25-8.31

Secure coding, testing, separation of environments. MANTIS tests deployed applications for OWASP Top 10 and business logic flaws.

Gap analysis that stays current.

Traditional gap assessments are a snapshot. By the time the auditor reads the report, your infrastructure has already changed. MANTIS runs gap analysis continuously.

Point-in-time audit

  • Findings stale within weeks
  • Manual re-assessment needed for every change
  • Gaps discovered at certification audit
  • Evidence scramble before surveillance visits

Continuous with MANTIS

  • Drift detected on every config change
  • New gaps flagged before they reach production
  • Evidence always current for surveillance audits
  • Certification readiness score updated in real time

Let your team focus on the ISMS. Let MANTIS handle the evidence.
